CVE Published: 24/10/2024 |
CVE Updated: 24/11/2024 |
CVE Year: 2024 Source: redhat |
Vendor: |
Product: Status : PUBLISHED
CVE-2024-10295 Description
A flaw was found in Gateway. Sending a non-base64 \'basic\' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream.